Hide Forgot
Description of problem: when creating filter role permissions for organizations or/and locations hammer command: hammer filter info does not return organizations or/and locations Version-Release number of selected component (if applicable): * candlepin-0.9.54.13-1.el7.noarch * candlepin-selinux-0.9.54.13-1.el7.noarch * foreman-1.13.1-1.el7.noarch * foreman-compute-1.13.1-1.el7.noarch * foreman-debug-1.13.1-1.el7.noarch * foreman-discovery-image-3.1.1-17.el7sat.noarch * foreman-ec2-1.13.1-1.el7.noarch * foreman-gce-1.13.1-1.el7.noarch * foreman-installer-1.13.1-1.el7.noarch * foreman-installer-katello-3.2.0-3.rc4.el7.noarch * foreman-libvirt-1.13.1-1.el7.noarch * foreman-openstack-1.13.1-1.el7.noarch * foreman-ovirt-1.13.1-1.el7.noarch * foreman-postgresql-1.13.1-1.el7.noarch * foreman-proxy-1.13.1-1.el7.noarch * foreman-rackspace-1.13.1-1.el7.noarch * foreman-selinux-1.13.1-1.el7.noarch * foreman-vmware-1.13.1-1.el7.noarch * katello-3.2.0-3.rc3.el7.noarch * katello-certs-tools-2.4.0-1.el7sat.noarch * katello-client-bootstrap-1.1.0-2.el7sat.noarch * katello-common-3.2.0-3.rc3.el7.noarch * katello-debug-3.2.0-3.rc3.el7.noarch * katello-default-ca-1.0-1.noarch * katello-installer-base-3.2.0-3.rc4.el7.noarch * katello-selinux-3.0.1.2-1.el7sat.noarch * katello-server-ca-1.0-1.noarch * katello-service-3.2.0-3.rc3.el7.noarch * openldap-2.4.40-13.el7.x86_64 * pulp-client-1.0-1.noarch * pulp-docker-plugins-2.0.3-1.el7sat.noarch * pulp-katello-1.0.2-1.el7.noarch * pulp-ostree-plugins-1.1.3.1-1.el7sat.noarch * pulp-puppet-plugins-2.9.1-1.el7.noarch * pulp-puppet-tools-2.9.1-1.el7.noarch * pulp-rpm-plugins-2.9.1-1.el7.noarch * pulp-selinux-2.9.1-1.el7.noarch * pulp-server-2.9.1-1.el7.noarch * python-ldap-2.4.15-2.el7.x86_64 * tfm-rubygem-ldap_fluff-0.4.3-1.el7sat.noarch * tfm-rubygem-net-ldap-0.15.0-1.el7.noarch How reproducible: Always Steps to Reproduce: 1. create a role-1 hammer --output=csv role create --name="role-1" > Message,Id,Name > User role [role-1] created,175,role-1 2. create an org-1 hammer --output=csv organization create --name="org-1" > Message,Id,Name > Organization created,521,org-1 3. create loc-1 hammer --output=csv location create --name="loc-1" > Message,Id,Name > Location created,522,loc-1 4. create role-1 permissions for org-1 and loca-1 hammer --output=csv filter create --organization-ids="521" --role-id="175" --location-ids="522" --permissions="view_users,create_users,edit_users,destroy_users" > Message,Id > Permission filter for [User] created,457 5. request filter info of the created filter hammer filter info --id="457" Actual results: Id: 457 Resource type: User Search: none Unlimited?: yes Role: role-1 Permissions: view_users, create_users, edit_users, destroy_users Created at: 2016/12/05 11:01:38 Updated at: 2016/12/05 11:01:38 Expected results: Id: 457 Resource type: User Search: none Unlimited?: yes Role: role-1 Permissions: view_users, create_users, edit_users, destroy_users Locations: loc-1 Organizations: org-1 Created at: 2016/12/05 11:01:38 Updated at: 2016/12/05 11:01:38 Additional info: 1.the expected results are returned successfully under 6.1 and 6.2 2.creating role permissions for organizations or locations alone also does not return Organizations or Locations
I don't think this is a bug. In 6.3, the filter inherits orgs and locs from it's role unless you make it overriding. Therefore you should either update the hammer command so it includes "--override true" or assign the org and loc on role level. I'd suggest consulting this with Kedar who tested the Org admin feature and might have already automated this too. Tomas, how complicated would it be to add a custom warning to the filter create hammer command that would be printed only if the override value was not set but some orgs/locs were specified? If it's doable relatively easily I think that would be the right fix for this usability issue. Also I'm happy to do it if you provide me a guidance.
It should be relatively simple. 4 lines of code for create command, a bit more for update. I created and attached upstream issue. I think we should improve parameter descriptions in API too, because at the moment they don't mention relation between orgs/locs and override either.
Upstream bug assigned to tstrachota
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/17730 has been resolved.
after the fix when creating the organizations and locations are returned >>> hammer -v --output=csv filter create --override="1" --organization-ids="544" --role-id="161" --location-ids="545" --permissions="view_users,create_users,edit_users,destroy_users" <<< Message,Id Permission filter for [User] created,546 >>> hammer filter info --id="546" <<< Id: 546 Resource type: User Search: none Unlimited?: no Override?: yes Role: i4LRib Permissions: view_users, create_users, edit_users, destroy_users Locations: JcvflQFNae Organizations: ltUeA0 Created at: 2017/06/23 07:08:03 Updated at: 2017/06/23 07:08:03 _______________________________________________________________________ But when updating the fields Locations and Organizations are not returned >>> hammer filter update --organization-ids="546" --override="1" --location-ids="547" --id="546" --permissions="view_users,create_users,edit_users,destroy_users" <<< Message,Id Permission filter for [User] updated,546 >>> hammer filter info --id="546" <<< Id: 546 Resource type: User Search: none Unlimited?: yes Override?: yes Role: i4LRib Permissions: view_users, create_users, edit_users, destroy_users Created at: 2017/06/23 07:08:03 Updated at: 2017/06/23 07:08:36
I found out the functionality for resetting taxonomies when switching override to false is broken and erases them even when override is true. See http://projects.theforeman.org/issues/20117 for more details. I have a patch ready, switching the bug back to Assigned.
Marking the BZ as post, as the new patch was merged upstream
The change has been released with hammer-cli-foreman 0.11.0 and it will be rebased.
VERIFIED Version Tested: Satellite-6.3 Snap 17 steps: # hammer --output=csv role create --name="role-1" Message,Id,Name User role [role-1] created,25,role-1 # hammer --output=csv organization create --name="org-1" Message,Id,Name Organization created,4,org-1 # hammer --output=csv location create --name="loc-1" Message,Id,Name Location created,5,loc-1 # hammer --output=csv filter create --organization-ids="4" --role-id="25" --location-ids="5" --permissions="view_users,create_users,edit_users,destroy_users" Could not create the permission filter: Error: Organizations and locations can be set only for overriding filters See: 'hammer filter create --help' # hammer --output=csv filter create --organization-ids="4" --role-id="25" --location-ids="5" --permissions="view_users,create_users,edit_users,destroy_users" --override true Message,Id Permission filter for [User] created,270 # hammer filter info --id="270" Id: 270 Resource type: User Search: none Unlimited?: no Override?: yes Role: role-1 Permissions: view_users, create_users, edit_users, destroy_users Locations: loc-1 Organizations: org-1 Created at: 2017/09/24 10:10:25 Updated at: 2017/09/24 10:10:25 ________________________________________________________________________________ When update org/loc >>> # hammer filter update --organization-ids="1" --override true --location-ids="2" --id="270" --permissions="view_users,create_users,edit_users" Permission filter for [User] updated # hammer filter info --id="270" Id: 270 Resource type: User Search: none Unlimited?: no Override?: yes Role: role-1 Permissions: view_users, create_users, edit_users Locations: Default Location Organizations: Default Organization Created at: 2017/09/24 10:10:25 Updated at: 2017/09/24 10:15:58 Hammer filter info successfully showed org and loc. When there is org and loc parameter and --override value is not set, it showed warning("Organizations and locations can be set only for overriding filters") as per comment #2. After updating org/loc, hammer filter info showed org/loc.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336